Summary
The Government Computer Security Incident Response Team (CSIRT de Gobierno) shares information about vulnerabilities in several Red Hat products.
Vulnerabilities
CVE-2022-21540
CVE-2022-21541
CVE-2022-21549
CVE-2022-34169
CVE-2022-34265
CVE-2018-25032
CVE-2021-3634
CVE-2021-40528
CVE-2022-1271
CVE-2022-22576
CVE-2022-27774
CVE-2022-27776
CVE-2022-27782
CVE-2022-29526
CVE-2022-29824
CVE-2022-28346
CVE-2022-28347
CVE-2022-31107
Impact
Critical-risk vulnerabilities
CVE-2022-34265: A flaw in Django allows SQL injection if untrusted data is used as the kind/lookup_name value.
Affected products
Red Hat Ansible Automation Platform 2.1 x86_64
Red Hat CodeReady Linux Builder for ARM 64 – Extended Update Support 8.4 aarch64
Red Hat CodeReady Linux Builder for ARM 64 – Extended Update Support 8.6 aarch64
Red Hat CodeReady Linux Builder for ARM 64 – Extended Update Support 9.0 aarch64
Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
Red Hat CodeReady Linux Builder for IBM z Systems – Extended Update Support 9.0 s390x
Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
Red Hat CodeReady Linux Builder for Power, little endian – Extended Update Support 8.4 ppc64le
Red Hat CodeReady Linux Builder for Power, little endian – Extended Update Support 8.6 ppc64le
Red Hat CodeReady Linux Builder for Power, little endian – Extended Update Support 9.0 ppc64le
Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
Red Hat CodeReady Linux Builder for x86_64 – Extended Update Support 8.4 x86_64
Red Hat CodeReady Linux Builder for x86_64 – Extended Update Support 8.6 x86_64
Red Hat CodeReady Linux Builder for x86_64 – Extended Update Support 9.0 x86_64
Red Hat CodeReady Linux Builder for x86_64 8 x86_64
Red Hat CodeReady Linux Builder for x86_64 9 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for ARM 64 – Extended Update Support 8.4 aarch64
Red Hat Enterprise Linux for ARM 64 – Extended Update Support 8.6 aarch64
Red Hat Enterprise Linux for ARM 64 – Extended Update Support 9.0 aarch64
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat Enterprise Linux for ARM 64 9 aarch64
Red Hat Enterprise Linux for IBM z Systems – Extended Update Support 8.4 s390x
Red Hat Enterprise Linux for IBM z Systems – Extended Update Support 8.6 s390x
Red Hat Enterprise Linux for IBM z Systems – Extended Update Support 9.0 s390x
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for IBM z Systems 9 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, little endian – Extended Update Support 8.4 ppc64le
Red Hat Enterprise Linux for Power, little endian – Extended Update Support 8.6 ppc64le
Red Hat Enterprise Linux for Power, little endian – Extended Update Support 9.0 ppc64le
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for x86_64 – Extended Update Support 8.4 x86_64
Red Hat Enterprise Linux for x86_64 – Extended Update Support 8.6 x86_64
Red Hat Enterprise Linux for x86_64 – Extended Update Support 9.0 x86_64
Red Hat Enterprise Linux for x86_64 – Update Services for SAP Solutions 8.1 x86_64
Red Hat Enterprise Linux for x86_64 – Update Services for SAP Solutions 8.4 x86_64
Red Hat Enterprise Linux for x86_64 – Update Services for SAP Solutions 8.6 x86_64
Red Hat Enterprise Linux for x86_64 – Update Services for SAP Solutions 9.0 x86_64
Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux Server – AUS 8.4 x86_64
Red Hat Enterprise Linux Server – AUS 8.6 x86_64
Red Hat Enterprise Linux Server – TUS 8.4 x86_64
Red Hat Enterprise Linux Server – TUS 8.6 x86_64
Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Server for ARM 64 – 4 years of updates 9.0 aarch64
Red Hat Enterprise Linux Server for IBM z Systems – 4 years of updates 9.0 s390x
Red Hat Enterprise Linux Server for Power LE – Update Services for SAP Solutions 8.1 ppc64le
Red Hat Enterprise Linux Server for Power LE – Update Services for SAP Solutions 8.4 ppc64le
Red Hat Enterprise Linux Server for Power LE – Update Services for SAP Solutions 8.6 ppc64le
Red Hat Enterprise Linux Server for Power LE – Update Services for SAP Solutions 9.0 ppc64le
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Update Infrastructure 4 x86_64
Secondary Scheduler Operator for Red Hat OpenShift (OSSO) 1.0 x86_64
Mitigation
Install the respective updates provided by the vendor.
Links
https://access.redhat.com/errata/RHSA-2022:5736
https://access.redhat.com/errata/RHSA-2022:5738
https://access.redhat.com/errata/RHSA-2022:5699
https://access.redhat.com/errata/RHSA-2022:5703
https://access.redhat.com/errata/RHSA-2022:5702
https://access.redhat.com/errata/RHSA-2022:5700
https://access.redhat.com/errata/RHSA-2022:5701
https://access.redhat.com/errata/RHSA-2022:5698
https://access.redhat.com/errata/RHSA-2022:5696
https://access.redhat.com/errata/RHSA-2022:5717
https://access.redhat.com/errata/RHSA-2022:5718
https://access.redhat.com/errata/RHSA-2022:5697
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3634
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40528
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31107
Report
The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA22-00681-01.